util: safely inspect getter errors whose message throws

Author: yvele

lib/internal/util/inspect.js

@@ -2557,7 +2557,14 @@ function formatProperty(ctx, value, recurseTimes, key, type, desc,
         }
         ctx.indentationLvl -= 2;
       } catch (err) {
-        const message = `<Inspection threw (${err.message})>`;
+        let messageSuffix;
+        try {
+          // Error message itself may be a getter
+          messageSuffix = ` (${err.message})`;
+        } catch {
+          messageSuffix = '';
+        }
+        const message = `<Inspection threw${messageSuffix}>`;
         str = `${s(`[${label}:`, sp)} ${message}${s(']', sp)}`;
       }
     } else {

test/parallel/test-util-inspect.js

@@ -2551,6 +2551,24 @@ assert.strictEqual(
       "'foobar', { x: 1 } },\n  inc: [Getter: NaN]\n}");
 }
 
+// https://owasp.org/Top10/2025/A10_2025-Mishandling_of_Exceptional_Conditions/
+// Test for property getter throwing an error with a bad message.
+{
+  const error = {
+    // The message itself is a getter that throws
+    get message() { throw new Error('Oops'); }
+  };
+
+  const thrower = {
+    get foo() { throw error; }
+  };
+
+  assert.strictEqual(
+    inspect(thrower, { getters: true }),
+    '{ foo: [Getter: <Inspection threw>] }'
+  );
+}
+
 // Check compact number mode.
 {
   let obj = {